From d6ac9b0b349fbff145beaa0a29bc13d52f46a45b Mon Sep 17 00:00:00 2001
From: rixhieloomis
Date: Wed, 30 Aug 2023 22:12:29 +0530
Subject: [PATCH 01/15] First iteration
---
transformer/tfc/exporter.tfvars | 26 ++++++++++++++++++++++++++
transformer/tfc/main.tf | 20 ++++++++++++--------
2 files changed, 38 insertions(+), 8 deletions(-)
create mode 100644 transformer/tfc/exporter.tfvars
diff --git a/transformer/tfc/exporter.tfvars b/transformer/tfc/exporter.tfvars
new file mode 100644
index 0000000..1946771
--- /dev/null
+++ b/transformer/tfc/exporter.tfvars
@@ -0,0 +1,26 @@
+# Terraform Cloud/Enterprise organization name
+tfc_organization = ""
+
+# List of TFC/TFE workspace names to export. Wildcards are supported (e.g., ["*"], ["*-example"], ["example-*"]).
+# tfc_workspace_names = ["*"]
+
+# List of TFC/TFE workspace tags to include when exporting. Excluded tags take precedence over included ones. Wildcards are not supported.
+# tfc_workspace_include_tags = ["example"]
+
+# List of TFC/TFE workspace tags to exclude when exporting. Excluded tags take precedence over included ones. Wildcards are not supported.
+# tfc_workspace_exclude_tags = ["ignore"]
+
+# Export Terraform state to files?
+export_state = true
+
+# Terraform Cloud/Enterprise does not return the VCS provider name so we use the value below instead.
+vcs_provider = "github"
+
+# The name of the entity containing the repository.
+# The value should be empty for GitHub.com, the user/organization for GitHub (custom application),
+# the project for Bitbucket, and the namespace for Gitlab.
+vcs_namespace = ""
+
+# When the branch for the stack is the repository's default branch,
+# the value is empty so we use the value provided below instead
+vcs_default_branch = "main"
\ No newline at end of file
diff --git a/transformer/tfc/main.tf b/transformer/tfc/main.tf
index 98e9a82..f09b54e 100644
--- a/transformer/tfc/main.tf
+++ b/transformer/tfc/main.tf
@@ -23,16 +23,20 @@ locals { workflow_ids = [for i, v in data.tfe_workspace_ids.all.ids : v] workflow_names = [for i, v in data.tfe_workspace_ids.all.ids : i] workflows = [for i, v in data.tfe_workspace_ids.all.ids : { + CLIConfiguration = { + "WorkflowGroup": "../../out/state-files/${data.tfe_workspace.all[i].name}.tfstate", + "TfStateFilePath": "" + } ResourceName = data.tfe_workspace.all[i].name wfgrpName = "" Description = "" Tags = data.tfe_workspace.all[i].tag_names - EnvironmentVariables = [for i, v in data.tfe_variables.all[v].variables : { - hcl = v.hcl - name = v.category == "terraform" ? "TF_VAR_${v.name}" : v.name - sensitive = v.sensitive - value = v.value - }] + EnvironmentVariables = [for i, v in data.tfe_variables.all[v].variables : + {"config": { + "textValue": v.value, + "varName": v.name + }, + "kind": "PLAIN_TEXT"} if v.category == "env"] DeploymentPlatformConfig = [] RunnerConstraints = {"type": "shared"} @@ -45,7 +49,7 @@ locals { "includeSubModule": false, "ref": length(data.tfe_workspace.all[i].vcs_repo) > 0 ? data.tfe_workspace.all[i].vcs_repo[0].branch != "" ? data.tfe_workspace.all[i].vcs_repo[0].branch : var.vcs_default_branch : var.vcs_default_branch, "isPrivate": true, - "auth": "/integrations/", + "auth": "/integrations/integration-name", "workingDir": "", "repo": length(data.tfe_workspace.all[i].vcs_repo) > 0 ? split("/", data.tfe_workspace.all[i].vcs_repo[0].identifier)[1] : "" } @@ -53,7 +57,7 @@ locals { }, "iacInputData": { "schemaType": "RAW_JSON", - "data": {} + "data" : {for i, v in data.tfe_variables.all[v].variables: v.name => v.value if v.category == "terraform" } } } From fd593938bd825638846e131b157616a2eca24042 Mon Sep 17 00:00:00 2001 From: rixhieloomis Date: Wed, 30 Aug 2023 22:14:29 +0530 Subject: [PATCH 02/15] Readme --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index f691dd7..0f07157 100644 --- a/README.md +++ b/README.md 
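Review bot: The rewritten `EnvironmentVariables` comprehension in the `@@ -23,16 +23,20 @@` hunk drops the `sensitive` field the old object carried and emits every `env`-category `v.value` as `"kind": "PLAIN_TEXT"`, so a variable flagged sensitive in Terraform Cloud can no longer be told apart in the exported JSON. The `iacInputData.data` map added in the `@@ -53,7 +57,7 @@` hunk has the same gap for `terraform`-category variables. Whether the provider returns a value for sensitive variables is not visible here; filtering explicitly keeps both a secret and an empty placeholder out of the payload: `if v.category == "env" && !v.sensitive` and `if v.category == "terraform" && !v.sensitive`. The `locals` block starts and ends outside both hunks.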
@@ -17,3 +17,17 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s - Terraform - terraform login to ensure that Terraform can interact with your Terraform Cloud/Enterprise account. - [sg-cli](https://github.com/StackGuardian/sg-cli/tree/main/shell) + +### Export the resource definitions and Terraform state + +- Choose the transformer and locate the example of `exporter.tfvars`. +- Edit that file ( exporter.tfvars) to match your context. +- Run the following commands: + +```shell +cd transformer/ +terraform init +terraform apply -auto-approve -var-file=exporter.tfvars +``` + +A new `out` folder should have been created. The `data.json` files contains the mapping of your vendor resources to the equivalent Spacelift resources, and the `state-files` folder contains the files for the Terraform state of your stacks, if the state export was enabled. From b332aa24d17477775901daead96f7fd4411d2029 Mon Sep 17 00:00:00 2001 From: rixhieloomis <104064451+rixhieloomis@users.noreply.github.com> Date: Wed, 30 Aug 2023 22:41:49 +0530 Subject: [PATCH 03/15] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0f07157..9e67601 100644 --- a/README.md +++ b/README.md @@ -30,4 +30,4 @@ terraform init terraform apply -auto-approve -var-file=exporter.tfvars ``` -A new `out` folder should have been created. The `data.json` files contains the mapping of your vendor resources to the equivalent Spacelift resources, and the `state-files` folder contains the files for the Terraform state of your stacks, if the state export was enabled. +A new `out` folder should have been created. The `data.json` files contains the mapping of your resources equivalent to StackGuardian, and the `state-files` folder contains the files for the Terraform state of your workspace, if the state export was enabled. From b49e6737c1faf131280d0444d3c6286861240b8e Mon Sep 17 00:00:00 2001 
From: rixhieloomis Date: Thu, 31 Aug 2023 10:14:40 +0530 Subject: [PATCH 04/15] sg_payload format --- transformer/tfc/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/transformer/tfc/main.tf b/transformer/tfc/main.tf index f09b54e..8d1d5a1 100644 --- a/transformer/tfc/main.tf +++ b/transformer/tfc/main.tf @@ -86,9 +86,9 @@ locals { WfType = "" UserSchedules = [] }] - data = jsonencode({ - "workflows" : local.workflows - }) + data = jsonencode( + local.workflows + ) } data "tfe_workspace_ids" "all" { From 5daa7afc254e39685e4fcda07398c3fe98ed9b45 Mon Sep 17 00:00:00 2001 From: rixhieloomis Date: Thu, 31 Aug 2023 10:52:08 +0530 Subject: [PATCH 05/15] Absolute path for state file --- transformer/tfc/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/transformer/tfc/main.tf b/transformer/tfc/main.tf index 8d1d5a1..0361f4e 100644 --- a/transformer/tfc/main.tf +++ b/transformer/tfc/main.tf @@ -24,8 +24,8 @@ locals { workflow_names = [for i, v in data.tfe_workspace_ids.all.ids : i] workflows = [for i, v in data.tfe_workspace_ids.all.ids : { CLIConfiguration = { - "WorkflowGroup": "../../out/state-files/${data.tfe_workspace.all[i].name}.tfstate", - "TfStateFilePath": "" + "WorkflowGroup": "", + "TfStateFilePath": "${abspath(path.root)}../../out/state-files/${data.tfe_workspace.all[i].name}.tfstate" } ResourceName = data.tfe_workspace.all[i].name wfgrpName = "" From f46ff655e358715de9bf2facb8841e7140c9452a Mon Sep 17 00:00:00 2001 From: rixhieloomis Date: Thu, 31 Aug 2023 15:03:31 +0530 Subject: [PATCH 06/15] Final changes --- transformer/tfc/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/transformer/tfc/main.tf b/transformer/tfc/main.tf index 0361f4e..159294b 100644 --- a/transformer/tfc/main.tf +++ b/transformer/tfc/main.tf 
@@ -25,7 +25,7 @@ locals { workflows = [for i, v in data.tfe_workspace_ids.all.ids : { CLIConfiguration = { "WorkflowGroup": "", - "TfStateFilePath": "${abspath(path.root)}../../out/state-files/${data.tfe_workspace.all[i].name}.tfstate" + "TfStateFilePath": "${abspath(path.root)}/../../out/state-files/${data.tfe_workspace.all[i].name}.tfstate" } ResourceName = data.tfe_workspace.all[i].name wfgrpName = "" @@ -36,7 +36,7 @@ locals { "textValue": v.value, "varName": v.name }, - "kind": "PLAIN_TEXT"} if v.category == "env"] + "kind": "PLAIN_TEXT"} if v.category == "env" && v.sensitive == false] DeploymentPlatformConfig = [] RunnerConstraints = {"type": "shared"} From 7f7fd1995bc1b6e4f5468b240b9dc91d032462c0 Mon Sep 17 00:00:00 2001 From: rixhieloomis Date: Thu, 31 Aug 2023 15:22:40 +0530 Subject: [PATCH 07/15] Docs --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index 9e67601..2425cf1 100644 --- a/README.md +++ b/README.md @@ -31,3 +31,15 @@ terraform apply -auto-approve -var-file=exporter.tfvars ``` A new `out` folder should have been created. The `data.json` files contains the mapping of your resources equivalent to StackGuardian, and the `state-files` folder contains the files for the Terraform state of your workspace, if the state export was enabled. + +After completing the export , edit the `data.json` file for DeploymentPlatformConfig , VCSConfig , MiniSteps and UserSchedules. + +### Bulk import + +- Fetch sg-cli (https://github.com/StackGuardian/sg-cli.git) and set up sg-cli locally (documentation present in repo) +- Run the following commands and pass the `data.json` as payload (represented below) + +```shell +cd sg-cli/shell +./sg-cli workflow create --bulk --org --workflow-group -- data.json +``` From 9f5e756c98f3bf2b5780ea0b182f07c0b2ec09e2 Mon Sep 17 00:00:00 2001 
From: AKSHAT TANDON Date: Thu, 31 Aug 2023 13:31:23 +0200 Subject: [PATCH 08/15] docs --- .gitignore | 3 +- README.md | 28 ++++++---- transformer/tfc/.gitignore | 29 ++++++++++ transformer/tfc/exporter.tfvars | 26 --------- transformer/tfc/main.py | 70 ------------------------ transformer/tfc/main.tf | 94 ++++++++++++++++----------------- transformer/tfc/variables.tf | 18 ------- 7 files changed, 95 insertions(+), 173 deletions(-) create mode 100644 transformer/tfc/.gitignore delete mode 100644 transformer/tfc/exporter.tfvars delete mode 100644 transformer/tfc/main.py diff --git a/.gitignore b/.gitignore index 9fe17bc..aa44ee2 100644 --- a/.gitignore +++ b/.gitignore @@ -126,4 +126,5 @@ venv.bak/ dmypy.json # Pyre type checker -.pyre/ \ No newline at end of file +.pyre/ + diff --git a/README.md b/README.md index 2425cf1..44ff2ed 100644 --- a/README.md +++ b/README.md 
@@ -20,26 +20,32 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s ### Export the resource definitions and Terraform state -- Choose the transformer and locate the example of `exporter.tfvars`. -- Edit that file ( exporter.tfvars) to match your context. +- Choose the transformer and locate the example of `terraform.tfvars`. +- Edit that file ( terraform.tfvars) to match your context. - Run the following commands: ```shell -cd transformer/ +cd transformer/tfc terraform init -terraform apply -auto-approve -var-file=exporter.tfvars +terraform apply -auto-approve -var-file=terraform.tfvars ``` -A new `out` folder should have been created. The `data.json` files contains the mapping of your resources equivalent to StackGuardian, and the `state-files` folder contains the files for the Terraform state of your workspace, if the state export was enabled. +A new `out` folder should have been created. The `sg-payload.json` file contains the definition for each workflow that will be created for each Terraform Workspace, and the `state-files` folder contains the files for the Terraform state for each of your workspaces, if the state export was enabled. -After completing the export , edit the `data.json` file for DeploymentPlatformConfig , VCSConfig , MiniSteps and UserSchedules. +After completing the export , edit the `sg-payload.json` file to provide tune each workflow configuration with the following: +- `DeploymentPlatformConfig` - (Used to authenticate against a cloud provider using a StackGuardian Integration) +- `VCSConfig` - Provide full path to the repo like as well the relevant sourceConfigDestKind from the following "GITHUB_COM", "BITBUCKET_ORG", "GITLAB_COM", "AZURE_DEVOPS". 
-### Bulk import +### Bulk import - Fetch sg-cli (https://github.com/StackGuardian/sg-cli.git) and set up sg-cli locally (documentation present in repo) -- Run the following commands and pass the `data.json` as payload (represented below) +- Run the following commands and pass the `sg-payload.json` as payload (represented below) ```shell -cd sg-cli/shell -./sg-cli workflow create --bulk --org --workflow-group -- data.json -``` +cd ../../out + +Get your SG API Key here: https://app.stackguardian.io/orchestrator/orgs//settings?tab=api_key + +export SG_API_TOKEN= +wget -q "$(wget -qO- "https://api.github.com/repos/stackguardian/sg-cli/releases/latest" | jq -r '.tarball_url')" -O sg-cli.tar.gz && tar -xf sg-cli.tar.gz && rm -f sg-cli.tar.gz && /bin/cp -rf StackGuardian-sg-cli*/shell/sg-cli . && rm -rfd StackGuardian-sg-cli* && ./sg-cli workflow create --bulk --org "stackguardian" --workflow-group "test-tfc-exporter" -- sg-payload.json +``` \ No newline at end of file diff --git a/transformer/tfc/.gitignore b/transformer/tfc/.gitignore new file mode 100644 index 0000000..cfdfe96 --- /dev/null +++ b/transformer/tfc/.gitignore @@ -0,0 +1,29 @@ +# Local .terraform directories +**/.terraform/* + +# Terraform lockfile +.terraform.lock.hcl + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log + +# Exclude all .tfvars files, which are likely to contain sentitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore CLI configuration files +.terraformrc +terraform.rc \ No newline at end of file 
diff --git a/transformer/tfc/exporter.tfvars b/transformer/tfc/exporter.tfvars
deleted file mode 100644
index 1946771..0000000
--- a/transformer/tfc/exporter.tfvars
+++ /dev/null
@@ -1,26 +0,0 @@
-# Terraform Cloud/Enterprise organization name
-tfc_organization = ""
-
-# List of TFC/TFE workspace names to export. Wildcards are supported (e.g., ["*"], ["*-example"], ["example-*"]).
-# tfc_workspace_names = ["*"]
-
-# List of TFC/TFE workspace tags to include when exporting. Excluded tags take precedence over included ones. Wildcards are not supported.
-# tfc_workspace_include_tags = ["example"]
-
-# List of TFC/TFE workspace tags to exclude when exporting. Excluded tags take precedence over included ones. Wildcards are not supported.
-# tfc_workspace_exclude_tags = ["ignore"]
-
-# Export Terraform state to files?
-export_state = true
-
-# Terraform Cloud/Enterprise does not return the VCS provider name so we use the value below instead.
-vcs_provider = "github"
-
-# The name of the entity containing the repository.
-# The value should be empty for GitHub.com, the user/organization for GitHub (custom application),
-# the project for Bitbucket, and the namespace for Gitlab.
-vcs_namespace = ""
-
-# When the branch for the stack is the repository's default branch,
-# the value is empty so we use the value provided below instead
-vcs_default_branch = "main"
\ No newline at end of file
diff --git a/transformer/tfc/main.py b/transformer/tfc/main.py
deleted file mode 100644
index b8f0e3d..0000000
--- a/transformer/tfc/main.py
+++ /dev/null
@@ -1,70 +0,0 @@ -import json - -def create_new_json(input_file1, input_file2): - try: - # Load data from the first input JSON file - with open(input_file1, 'r') as f1: - data1 = json.load(f1) - - - - #patch the data to the sg_payload - resources = (data1["resources"]) - env = [] - resource_names=[] - for i in resources: - if i["type"] == "tfe_variables": - instances = i["instances"] - for j in instances: - if j["attributes"]["env"]: - for k in j["attributes"]["env"]: - if k["category"] == "env": - env.append({k["name"] : k["value"]}) - if j["attributes"]["variables"]: - for k in j["attributes"]["variables"]: - if k["category"] == "env": - env.append({k["name"] : k["value"]}) - - if i["type"] == "tfe_workspace": - workspace_names = i["instances"] - for j in workspace_names: - workspace_name = j["index_key"] - description = j["attributes"]["description"] - tags = j["attributes"]["tag_names"] - env = env - resource_names.append({"ResourceName": workspace_name, "Description" : description, "Tags" : tags, "EnvironmentVariables" : env}) - - - - for i in resource_names: - # Load data from the second input JSON file - with open(input_file2, 'r') as f2: - data2 = json.load(f2) - - data2["ResourceName"] = i["ResourceName"] - data2["Description"] = i["Description"] - data2["Tags"] = i["Tags"] - data2["EnvironmentVariables"] = i["EnvironmentVariables"] - - with open(i["ResourceName"] + ".json", 'w') as out_f: - json.dump( data2, out_f, indent=4) - print(f"New JSON file {i['ResourceName']}.json created successfully.") - - # Write the data from the second input JSON file to the output JSON file - # with open(output_file, 'w') as out_f: - # json.dump(data2, out_f, indent=4) - - - - except FileNotFoundError: - print("One or both input files not found.") - except json.JSONDecodeError: - print("Error decoding JSON data from the input file.") - -# Provide the paths of the input JSON files and the output JSON file -input_json_file1 = input("Enter the location the state file from 
Terraform cloud: ") -print(input_json_file1) -input_json_file2 = 'sg_payload.json' - - -create_new_json(input_json_file1,input_json_file2) \ No newline at end of file diff --git a/transformer/tfc/main.tf b/transformer/tfc/main.tf index 159294b..e4c268e 100644 --- a/transformer/tfc/main.tf +++ b/transformer/tfc/main.tf 
@@ -23,79 +23,79 @@ locals { workflow_ids = [for i, v in data.tfe_workspace_ids.all.ids : v] workflow_names = [for i, v in data.tfe_workspace_ids.all.ids : i] workflows = [for i, v in data.tfe_workspace_ids.all.ids : { - CLIConfiguration = { - "WorkflowGroup": "", - "TfStateFilePath": "${abspath(path.root)}/../../out/state-files/${data.tfe_workspace.all[i].name}.tfstate" + CLIConfiguration = { + "WorkflowGroup" : "", + "TfStateFilePath" : "${abspath(path.root)}/../../out/state-files/${data.tfe_workspace.all[i].name}.tfstate" } - ResourceName = data.tfe_workspace.all[i].name - wfgrpName = "" - Description = "" - Tags = data.tfe_workspace.all[i].tag_names - EnvironmentVariables = [for i, v in data.tfe_variables.all[v].variables : - {"config": { - "textValue": v.value, - "varName": v.name + ResourceName = data.tfe_workspace.all[i].name + wfgrpName = "" + Description = "" + Tags = data.tfe_workspace.all[i].tag_names + EnvironmentVariables = [for i, v in data.tfe_variables.all[v].variables : + { "config" : { + "textValue" : v.value, + "varName" : v.name }, - "kind": "PLAIN_TEXT"} if v.category == "env" && v.sensitive == false] + "kind" : "PLAIN_TEXT" } if v.category == "env" && v.sensitive == false] DeploymentPlatformConfig = [] - RunnerConstraints = {"type": "shared"} + RunnerConstraints = { "type" : "shared" } VCSConfig = { - "iacVCSConfig": { - "useMarketplaceTemplate": false, - "customSource": { - "sourceConfigDestKind": "", - "config": { - "includeSubModule": false, - "ref": length(data.tfe_workspace.all[i].vcs_repo) > 0 ? data.tfe_workspace.all[i].vcs_repo[0].branch != "" ? data.tfe_workspace.all[i].vcs_repo[0].branch : var.vcs_default_branch : var.vcs_default_branch, - "isPrivate": true, - "auth": "/integrations/integration-name", - "workingDir": "", - "repo": length(data.tfe_workspace.all[i].vcs_repo) > 0 ? 
split("/", data.tfe_workspace.all[i].vcs_repo[0].identifier)[1] : "" + "iacVCSConfig" : { + "useMarketplaceTemplate" : false, + "customSource" : { + "sourceConfigDestKind" : "PLEASE PROVIDE A VALUE", + "config" : { + "includeSubModule" : false, + "ref" : length(data.tfe_workspace.all[i].vcs_repo) > 0 ? data.tfe_workspace.all[i].vcs_repo[0].branch != "" ? data.tfe_workspace.all[i].vcs_repo[0].branch : "" : "", + "isPrivate" : true, + "auth" : "PLEASE PROVIDE A VALUE", + "workingDir" : "", + "repo" : length(data.tfe_workspace.all[i].vcs_repo) > 0 ? split("/", data.tfe_workspace.all[i].vcs_repo[0].identifier)[1] : "" } } }, - "iacInputData": { - "schemaType": "RAW_JSON", - "data" : {for i, v in data.tfe_variables.all[v].variables: v.name => v.value if v.category == "terraform" } + "iacInputData" : { + "schemaType" : "RAW_JSON", + "data" : { for i, v in data.tfe_variables.all[v].variables : v.name => v.value if v.category == "terraform" } } } - + MiniSteps = { - "wfChaining": { - "ERRORED": [], - "COMPLETED": [] + "wfChaining" : { + "ERRORED" : [], + "COMPLETED" : [] }, - "notifications": { - "email": { - "ERRORED": [], - "COMPLETED": [], - "APPROVAL_REQUIRED": [], - "CANCELLED": [] + "notifications" : { + "email" : { + "ERRORED" : [], + "COMPLETED" : [], + "APPROVAL_REQUIRED" : [], + "CANCELLED" : [] } } } - + Approvers = [] - + TerraformConfig = { - "managedTerraformState": var.export_state, - "terraformVersion": data.tfe_workspace.all[i].terraform_version + "managedTerraformState" : var.export_state, + "terraformVersion" : data.tfe_workspace.all[i].terraform_version } - WfType = "" - UserSchedules = [] + WfType = "TERRAFORM" + UserSchedules = [] }] data = jsonencode( - local.workflows - ) + local.workflows + ) } data "tfe_workspace_ids" "all" { - exclude_tags = var.tfc_workspace_exclude_tags names = var.tfc_workspace_names organization = var.tfc_organization tag_names = var.tfc_workspace_include_tags + exclude_tags = var.tfc_workspace_exclude_tags } data 
"tfe_workspace" "all" { @@ -113,7 +113,7 @@ data "tfe_variables" "all" { resource "local_file" "data" { content = local.data - filename = "${path.module}/../../out/data.json" + filename = "${path.module}/../../out/sg-payload.json" } resource "local_file" "generate_temp_tf_files" { diff --git a/transformer/tfc/variables.tf b/transformer/tfc/variables.tf index 34c2325..0972cbe 100644 --- a/transformer/tfc/variables.tf +++ b/transformer/tfc/variables.tf @@ -26,21 +26,3 @@ variable "tfc_workspace_include_tags" { description = "List of TFC/TFE workspace tags to include when exporting. Excluded tags take precedence over included ones. Wildcards are not supported." type = list(string) } - -variable "vcs_default_branch" { - default = "main" - description = "Name of the repositories' default branch" - type = string -} - -variable "vcs_namespace" { - default = "" - description = "The name of the entity containing the repository. The value should be empty for GitHub.com, the user/organization for GitHub (custom application), the project for Bitbucket, and the namespace for Gitlab." - type = string -} - -variable "vcs_provider" { - default = "github" - description = "Name of the Version Control System (VCS) provider to use" - type = string -} \ No newline at end of file From 1fd806c1a2831d27d9d792e8def528276470cb93 Mon Sep 17 00:00:00 2001 From: AKSHAT TANDON Date: Thu, 31 Aug 2023 13:36:06 +0200 Subject: [PATCH 09/15] readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 44ff2ed..29ff970 100644 --- a/README.md +++ b/README.md 
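Review bot: `local_file.data` in the `@@ -113,7 +113,7 @@` hunk writes `sg-payload.json`, which carries the exported workspace variable values, yet the resource sets no `file_permission`, so the file is created with the `local_file` default of `0777` (before umask). Adding `file_permission = "0600"` to this resource, or switching it to `local_sensitive_file` if the pinned local provider version offers it (the version constraint is not visible here), keeps the payload readable only by the user running the export. The `generate_temp_tf_files` resource that opens on the hunk's last line is cut off, so the same check for the state files under `out/state-files` has to be made against the full file.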
@@ -36,7 +36,7 @@ After completing the export , edit the `sg-payload.json` file to provide tune ea - `DeploymentPlatformConfig` - (Used to authenticate against a cloud provider using a StackGuardian Integration) - `VCSConfig` - Provide full path to the repo like as well the relevant sourceConfigDestKind from the following "GITHUB_COM", "BITBUCKET_ORG", "GITLAB_COM", "AZURE_DEVOPS". -### Bulk import +### Bulk import workflows to StackGuardian Platform - Fetch sg-cli (https://github.com/StackGuardian/sg-cli.git) and set up sg-cli locally (documentation present in repo) - Run the following commands and pass the `sg-payload.json` as payload (represented below) From a86986f485263392cbbcce06d0ad80b15e42d67e Mon Sep 17 00:00:00 2001 From: rixhieloomis Date: Thu, 31 Aug 2023 17:17:07 +0530 Subject: [PATCH 10/15] Docs --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 29ff970..6e7268a 100644 --- a/README.md +++ b/README.md 
@@ -33,8 +33,8 @@ terraform apply -auto-approve -var-file=terraform.tfvars A new `out` folder should have been created. The `sg-payload.json` file contains the definition for each workflow that will be created for each Terraform Workspace, and the `state-files` folder contains the files for the Terraform state for each of your workspaces, if the state export was enabled. After completing the export , edit the `sg-payload.json` file to provide tune each workflow configuration with the following: -- `DeploymentPlatformConfig` - (Used to authenticate against a cloud provider using a StackGuardian Integration) -- `VCSConfig` - Provide full path to the repo like as well the relevant sourceConfigDestKind from the following "GITHUB_COM", "BITBUCKET_ORG", "GITLAB_COM", "AZURE_DEVOPS". +- `DeploymentPlatformConfig` - (Used to authenticate against a cloud provider using a StackGuardian Integration), Create the relevant integration in StackGuardian platform and update `DeploymentPlatformConfig.kind` from the following "AZURE_STATIC", "AWS_STATIC","GCP_STATIC", "AWS_RBAC". Update `DeploymentPlatformConfig.config.integrationId` with "/integrations/INTEGRRATION_NAME" and `DeploymentPlatformConfig.config.profileName` with the name of the integration used upon creation. +- `VCSConfig` - Provide full path(https://gitlab.com/example) to the `repo` like as well the relevant `sourceConfigDestKind` from the following "GITHUB_COM", "BITBUCKET_ORG", "GITLAB_COM", "AZURE_DEVOPS". ### Bulk import workflows to StackGuardian Platform From dce518a5de7e62739062d2b845dc65ab50ef7c10 Mon Sep 17 00:00:00 2001 From: rixhieloomis Date: Thu, 31 Aug 2023 17:18:09 +0530 Subject: [PATCH 11/15] Docs --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6e7268a..9662594 100644 --- a/README.md +++ b/README.md 
@@ -34,7 +34,7 @@ A new `out` folder should have been created. The `sg-payload.json` file contains After completing the export , edit the `sg-payload.json` file to provide tune each workflow configuration with the following: - `DeploymentPlatformConfig` - (Used to authenticate against a cloud provider using a StackGuardian Integration), Create the relevant integration in StackGuardian platform and update `DeploymentPlatformConfig.kind` from the following "AZURE_STATIC", "AWS_STATIC","GCP_STATIC", "AWS_RBAC". Update `DeploymentPlatformConfig.config.integrationId` with "/integrations/INTEGRRATION_NAME" and `DeploymentPlatformConfig.config.profileName` with the name of the integration used upon creation. -- `VCSConfig` - Provide full path(https://gitlab.com/example) to the `repo` like as well the relevant `sourceConfigDestKind` from the following "GITHUB_COM", "BITBUCKET_ORG", "GITLAB_COM", "AZURE_DEVOPS". +- `VCSConfig` - Provide full path to the `repo` like as well the relevant `sourceConfigDestKind` from the following "GITHUB_COM", "BITBUCKET_ORG", "GITLAB_COM", "AZURE_DEVOPS". ### Bulk import workflows to StackGuardian Platform From 79d08dbb26007d6d89cba8dd015148df7fb8e9c7 Mon Sep 17 00:00:00 2001 From: AKSHAT TANDON Date: Thu, 31 Aug 2023 19:15:13 +0200 Subject: [PATCH 12/15] WorkflowGroup --- .gitignore | 32 ++++++++++++++++++++++++++++++++ README.md | 3 +++ transformer/tfc/main.tf | 6 +++++- 3 files changed, 40 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index aa44ee2..e78f621 100644 --- a/.gitignore +++ b/.gitignore 
@@ -128,3 +128,35 @@ dmypy.json # Pyre type checker .pyre/ +# Local .terraform directories +**/.terraform/* + +# Terraform lockfile +.terraform.lock.hcl + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log + +# Exclude all .tfvars files, which are likely to contain sentitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore CLI configuration files +.terraformrc +terraform.rc + +out/* +.DS_Store \ No newline at end of file diff --git a/README.md b/README.md index 9662594..8be41d3 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,9 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s - terraform login to ensure that Terraform can interact with your Terraform Cloud/Enterprise account. - [sg-cli](https://github.com/StackGuardian/sg-cli/tree/main/shell) +### Perform terraform login +`terraform login` + ### Export the resource definitions and Terraform state - Choose the transformer and locate the example of `terraform.tfvars`. diff --git a/transformer/tfc/main.tf b/transformer/tfc/main.tf index e4c268e..300f844 100644 --- a/transformer/tfc/main.tf +++ b/transformer/tfc/main.tf @@ -24,7 +24,11 @@ locals { workflow_names = [for i, v in data.tfe_workspace_ids.all.ids : i] workflows = [for i, v in data.tfe_workspace_ids.all.ids : { CLIConfiguration = { - "WorkflowGroup" : "", + "WorkflowGroup":{ + "name": "", + "description": "", + "tags": [] + }, "TfStateFilePath" : "${abspath(path.root)}/../../out/state-files/${data.tfe_workspace.all[i].name}.tfstate" } ResourceName = data.tfe_workspace.all[i].name 
From 1dfd3ba0d50bd8a8f751261db6250085a1229d75 Mon Sep 17 00:00:00 2001 From: rixhieloomis Date: Thu, 31 Aug 2023 22:53:00 +0530 Subject: [PATCH 13/15] project_id as WorkflowGroup.name --- transformer/tfc/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/transformer/tfc/main.tf b/transformer/tfc/main.tf index 300f844..34b89eb 100644 --- a/transformer/tfc/main.tf +++ b/transformer/tfc/main.tf @@ -25,7 +25,7 @@ locals { workflows = [for i, v in data.tfe_workspace_ids.all.ids : { CLIConfiguration = { "WorkflowGroup":{ - "name": "", + "name": data.tfe_workspace.all[i].project_id, "description": "", "tags": [] }, From b6a2d5a8e15f0e9e4cda1b654af9e77b1b57c239 Mon Sep 17 00:00:00 2001 From: AKSHAT TANDON Date: Thu, 31 Aug 2023 19:44:34 +0200 Subject: [PATCH 14/15] remove desc and tags --- transformer/tfc/main.tf | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/transformer/tfc/main.tf b/transformer/tfc/main.tf index 34b89eb..a7af889 100644 --- a/transformer/tfc/main.tf +++ b/transformer/tfc/main.tf @@ -25,9 +25,7 @@ locals { workflows = [for i, v in data.tfe_workspace_ids.all.ids : { CLIConfiguration = { "WorkflowGroup":{ - "name": data.tfe_workspace.all[i].project_id, - "description": "", - "tags": [] + "name": data.tfe_workspace.all[i].project_id }, "TfStateFilePath" : "${abspath(path.root)}/../../out/state-files/${data.tfe_workspace.all[i].name}.tfstate" } From ea89e63f269af2470b8a2a61791c52a37a966fdb Mon Sep 17 00:00:00 2001 From: AKSHAT TANDON Date: Thu, 31 Aug 2023 19:47:34 +0200 Subject: [PATCH 15/15] do not pass wfgrp-id --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8be41d3..cff8560 100644 --- a/README.md +++ b/README.md 
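Review bot: `"name": data.tfe_workspace.all[i].project_id` in the `@@ -25,7 +25,7 @@` hunk puts the Terraform Cloud project ID, not a project name, into `WorkflowGroup.name`, and nothing beside it says so. A comment on that line such as `# TFC project ID (opaque identifier); workspaces of the same project land in one workflow group` would explain why the group names in the payload look like identifiers. If a workspace can come back without a project (not determinable from this hunk), the name would be empty or null, which is worth guarding before the bulk import. The `workflows` expression starts and ends outside the hunk.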
@@ -50,5 +50,5 @@ cd ../../out Get your SG API Key here: https://app.stackguardian.io/orchestrator/orgs//settings?tab=api_key export SG_API_TOKEN= -wget -q "$(wget -qO- "https://api.github.com/repos/stackguardian/sg-cli/releases/latest" | jq -r '.tarball_url')" -O sg-cli.tar.gz && tar -xf sg-cli.tar.gz && rm -f sg-cli.tar.gz && /bin/cp -rf StackGuardian-sg-cli*/shell/sg-cli . && rm -rfd StackGuardian-sg-cli* && ./sg-cli workflow create --bulk --org "stackguardian" --workflow-group "test-tfc-exporter" -- sg-payload.json +wget -q "$(wget -qO- "https://api.github.com/repos/stackguardian/sg-cli/releases/latest" | jq -r '.tarball_url')" -O sg-cli.tar.gz && tar -xf sg-cli.tar.gz && rm -f sg-cli.tar.gz && /bin/cp -rf StackGuardian-sg-cli*/shell/sg-cli . && rm -rfd StackGuardian-sg-cli* && ./sg-cli workflow create --bulk --org "stackguardian" -- sg-payload.json ``` \ No newline at end of file